ABSTRACT: This paper proposes an uncertainty analysis framework based on the characterization of the uncertain parameter space. This characterization enables the identification of worst-case uncertainty combinations and the approximation of the failure and safe domains with a high level of accuracy. Because these approximations are comprised of subsets of readily computable probability, they enable the calculation of arbitrarily tight upper and lower bounds to the failure probability. The methods developed herein, which are based on nonlinear constrained optimization, are applicable to requirement functions whose functional dependency on the uncertainty is arbitrary and whose explicit form may even be unknown. Some of the most prominent features of the methodology are the substantial desensitization of the calculations from the assumed uncertainty model (i.e., the probability distribution describing the uncertainty) as well as the accommodation for changes in such a model with a practically insignificant amount of computational effort.


1 INTRODUCTION 

This paper studies the reliability of a system for which a parametric mathematical model is available. The acceptability of the system depends upon its ability to satisfy several design requirements. These requirements, which are represented by a set of inequality constraints on selected output metrics, depend on the uncertain parameter vector p. The system is deemed acceptable if all inequalities are satisfied. The requirements/constraints partition the uncertain parameter space into two sets: the failure domain, where at least one of them is violated, and the safe domain, where all of them are satisfied. The reliability analysis of this system consists of assessing its ability to satisfy the requirements when the uncertain parameter p is free to take on any value from a prescribed set. The most common practice in reliability analysis is to assume a probabilistic uncertainty model of p (i.e., the random variable that models the uncertainty) and estimate the corresponding probability of failure. Calculating the failure probability is usually difficult since it requires evaluating a multi-dimensional integral over a complex integration domain. Sampling-based approaches (Niederreiter 1992, Kail and Wallace 1994) and methods based on asymptotic approximations of the failure domain (Rackwitz 2001, Royset et al. 2001) are the engines of most (if not all) of the numerical tools used to estimate this probability.

Reliability assessments whose figure of merit is the probability of failure are strongly dependent on the assumed uncertainty model. Quite often this model is created using engineering judgment, expert opinion, and/or limited observations of p. The persistent incertitude in the model resulting from this process makes the soundness of the reliability analyses based on failure probabilities questionable. Besides, the uncertainty in the uncertainty model is commonly refined throughout the analysis cycle of the system. This process prevents leveraging the computational effort spent performing previous analyses. Furthermore, in the hypothetical case when the uncertainty model is perfect and final, the failure probability fails to describe practically significant features of the geometry of the failure event. Some of these features are the separation between any given point and the failure domain, the location of worst-case uncertainty combinations, and the geometry of the failure domain boundary.

This paper proposes techniques that characterize the uncertain parameter space with a high level of fidelity. A significant thrust of this research is the generation of sequences of inner approximations to the safe and failure domains by subsets of readily computable probability. These sequences are chosen such that they almost surely fill up the region of interest. The strategies proposed are applicable to requirement functions having arbitrary functional dependencies on the uncertainty whose explicit form may even be unknown. The companion paper (Crespo et al. 2011) proposes strategies with the same goals but restricted to polynomial requirement functions. Overall, the methodology enables the substantial desensitization of the calculations from the assumed uncertainty model as well as the accommodation for changes in such a model with a practically insignificant amount of computational effort.

This paper is organized as follows. Basic concepts are established in Section 2. This is followed by Section 3, where analytical expressions for bounds on the failure probability are derived. Section 4 presents strategies for generating and refining the failure domain approximations that enable calculating the bounds. Finally, a few concluding remarks close the paper. Proofs are omitted due to space limitations.


2 BASIC CONCEPTS AND NOTIONS 

Uncertainty models of p ∈ ℝ^s, where s is the number of uncertain parameters, can be probabilistic or non-probabilistic. A set whose members are all possible uncertain parameter realizations is a non-probabilistic model. This set, called the support set, will be denoted as Δ ⊂ ℝ^s. On the other hand, a probabilistic uncertainty model prescribes a measure of probability to each member of this set. This model, in which p is a random vector, is fully prescribed by the joint probability density function f_p(p): Δ → ℝ, or equivalently, by the cumulative distribution function F_p(p): Δ → [0, 1].

Consider a system that depends on the uncertain parameter p. The design requirements imposed upon such a system are given by the vector¹ inequality g(p) ≤ 0, where g: D → ℝ^v, v is the number of constraint functions, and Δ ⊂ D ⊂ ℝ^s. The set D, where the constraint functions are defined, will be called the master domain.

The failure domain, denoted as F ⊂ D, is comprised of the parameter realizations that fail to satisfy at least one of the requirements. Specifically, the failure domain is given by

$$ F = \bigcup_{i=1}^{v} \{\, p : g_i(p) > 0 \,\}. \tag{1} $$

The safe domain, given by S = C(F), where C(·) denotes the complement set operator given by C(X) = D \ X, consists of the parameter realizations satisfying all the design requirements. The failure probability associated with a probabilistic uncertainty model is given by

$$ P[F] = \int_{F} f_p(p)\, dp, \tag{2} $$

where P[·] is the probability operator. Techniques for approximating F and S will be presented below. The resulting approximations are comprised of hyper-rectangles or quasi-ellipsoids.

¹ Throughout this paper, it is assumed that vector inequalities hold component-wise, super-indices denote a particular vector or set, and sub-indices refer to vector components; e.g., p^1_i is the ith component of the vector p^1.

The hyper-rectangle having m > 0 as the vector of half-lengths of the sides and p̄ as its geometric center is given by

$$ R(\bar p, m) = \{\, p : \bar p - m \le p \le \bar p + m \,\}. \tag{3} $$

An alternative representation of this hyper-rectangle is given by

$$ R(\bar p, m) = \delta(\bar p - m, \bar p + m), \tag{4} $$

where

$$ \delta(x, y) = [x_1, y_1] \times [x_2, y_2] \times \cdots \times [x_s, y_s] \tag{5} $$

is the Cartesian product of intervals. Note that the first and second arguments of δ are the lower and upper limits of the set. The components of the lower limit may be real numbers or minus infinity, while those of the upper limit may be real numbers or infinity. Recall that the ℓ_∞ norm is defined as ‖x‖_∞ = sup_i{|x_i|}. Let us define the m-scaled ℓ_∞ norm as ‖x‖^m_∞ = sup_i{|x_i|/m_i}. A distance between the vectors x and y can be defined as ‖x − y‖^m_∞. Using this distance, R(p̄, m) is the unit ball centered at p̄.

A subdivision is the process of dividing a set into subsets. Let ρ(·) be an operator whose input is any given set and whose output is the resulting subsets. A bisection-based subdivision in the ith direction is given by

$$ \rho(R) = \{\, R(\bar p + w,\, m - w),\; R(\bar p - w,\, m - w) \,\}, $$

where w = [0, …, 0, m_i/2, 0, …, 0]. Alternatively,

$$ \rho(R) = \{\, \delta(v^1, v^1 + m),\; \ldots,\; \delta(v^{2^s}, v^{2^s} + m) \,\}, $$

where v^k is a vertex of δ(l, l + m) and l = p̄ − m is the lower limit of R(p̄, m), leads to 2^s rectangular subsets each of volume ∏_{i=1}^{s} m_i.



The quasi-ellipsoid having m > 0 as the vector of semi-principal axes and p̄ as its geometric center is given by

$$ E(\bar p, m, n) = \Big\{\, p : \sum_{i=1}^{s} \Big( \frac{p_i - \bar p_i}{m_i} \Big)^{n} \le 1 \,\Big\}, \tag{6} $$

where n is an even natural number. Note that E is a closed set in ℝ^s having a polynomial boundary of degree n. Further notice that E(p̄, m, n) approaches R(p̄, m) asymptotically from the inside as n → ∞. Recall that the ℓ_p norm is defined as ‖x‖_p = (Σ_i |x_i|^p)^{1/p}. Let us define the m-scaled ℓ_n norm as ‖x‖^m_n = (Σ_i (x_i/m_i)^n)^{1/n}. A distance between the vectors x and y can be defined as ‖x − y‖^m_n. Using this distance, E(p̄, m, n) is the unit ball centered at p̄.
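The set definitions (3)–(6) and the two subdivision rules above, implemented in Python as an added example that is not part of the paper. The centre p̄ = (0, 0) and half-lengths m = (2, 1) are constructed values; the code checks the claims made in the text: R(p̄, m) is the unit ball of the m-scaled ℓ_∞ norm, E(p̄, m, n) is the unit ball of the m-scaled ℓ_n norm and approaches R from the inside as n grows, bisection halves the volume, and the vertex-based split yields 2^s pieces of volume ∏ m_i.

```python
import itertools
import math

# Constructed example values (not from the paper): s = 2, centre p̄ = (0, 0), half-lengths m = (2, 1).
PBAR = (0.0, 0.0)
M = (2.0, 1.0)


def scaled_inf_norm(x, m):
    """m-scaled l_inf norm: ||x||^m_inf = max_i |x_i| / m_i."""
    return max(abs(xi) / mi for xi, mi in zip(x, m))


def scaled_n_norm(x, m, n):
    """m-scaled l_n norm: ||x||^m_n = (sum_i (x_i / m_i)^n)^(1/n), n even."""
    return sum((xi / mi) ** n for xi, mi in zip(x, m)) ** (1.0 / n)


def in_rect(p, pbar, m):
    """p in R(p̄, m) of eq. (3) iff ||p - p̄||^m_inf <= 1."""
    return scaled_inf_norm([pi - ci for pi, ci in zip(p, pbar)], m) <= 1.0


def in_quasi_ellipsoid(p, pbar, m, n):
    """p in E(p̄, m, n) of eq. (6) iff ||p - p̄||^m_n <= 1."""
    return scaled_n_norm([pi - ci for pi, ci in zip(p, pbar)], m, n) <= 1.0


def volume(rect):
    """Volume of a hyper-rectangle stored as (centre, half-lengths)."""
    _, m = rect
    return math.prod(2 * mi for mi in m)


def bisect(rect, i):
    """Bisection-based subdivision in direction i: {R(p̄ + w, m - w), R(p̄ - w, m - w)}."""
    pbar, m = rect
    w = [0.0] * len(m)
    w[i] = m[i] / 2
    m_new = tuple(mi - wi for mi, wi in zip(m, w))
    return [(tuple(c + wi for c, wi in zip(pbar, w)), m_new),
            (tuple(c - wi for c, wi in zip(pbar, w)), m_new)]


def split_all(rect):
    """2^s-way subdivision: delta(v^k, v^k + m) for every vertex v^k of delta(l, l + m), l = p̄ - m."""
    pbar, m = rect
    s = len(m)
    lower = [c - mi for c, mi in zip(pbar, m)]
    pieces = []
    for corner in itertools.product((0, 1), repeat=s):
        v = [lower[j] + corner[j] * m[j] for j in range(s)]
        # delta(v, v + m) in centre/half-length form: centre v + m/2, half-lengths m/2
        pieces.append((tuple(v[j] + m[j] / 2 for j in range(s)),
                       tuple(mj / 2 for mj in m)))
    return pieces


if __name__ == "__main__":
    print("volume of R:", volume((PBAR, M)))
    print("bisection in direction 0:", bisect((PBAR, M), 0))
    print("vertex split:", split_all((PBAR, M)))
    for n in (2, 10, 100):
        print(f"(1.9, 0.9) in E for n={n}:", in_quasi_ellipsoid((1.9, 0.9), PBAR, M, n))
```

The point (1.9, 0.9) lies inside R(p̄, m) but outside E(p̄, m, 2); it enters the quasi-ellipsoid only once n is large, which is the "approaches from the inside" statement made concrete.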

The probability of the sets R(p̄, m) ⊂ Δ and E(p̄, m, n) ⊂ Δ can be analytically calculated or bounded under the following conditions. The probability of a hyper-rectangle can be calculated analytically when the components of p are independent, arbitrarily distributed random variables. The probability of a quasi-ellipsoid, on the other hand, can be calculated analytically when the components of p are independent, uniformly distributed random variables and E ⊂ Δ. The probability of the ellipsoid E can be bounded from below when the components of p are independent, arbitrarily distributed random variables. Failure probability bounds result from approximating the failure and safe domains with the union of hyper-rectangles or quasi-ellipsoids and using these analytical expressions. The following section presents the mathematical background required to calculate probability bounds based on the approximations. The sections that follow provide means to generate and sequentially refine these approximations.

3 PROBABILITY BOUNDS 

The key development in this section is the calculation of the probability of inner approximations to the failure and safe domains. These approximations are comprised of a collection of almost disjoint hyper-rectangles or quasi-ellipsoids. Two sets are almost disjoint if they overlap at most in mutual boundary points. Let F^sub and S^sub denote inner approximations (subsets) of the failure and safe domains. Thus, F^sup = C(S^sub) is an outer approximation (superset) of the failure domain. Because ∅ ⊂ F^sub ⊂ F ⊂ F^sup ⊂ D, we have 0 ≤ P[F^sub] ≤ P[F] ≤ P[F^sup] ≤ 1. Therefore, P[F^sub] and P[F^sup] are lower and upper bounds to the failure probability. Note that the bounds approach the failure probability when F^sub approaches the failure domain and S^sub approaches the safe domain. Further notice that C(S^sub ∪ F^sub) contains the failure domain boundary ∂F.

The failure domain and its approximations, as well as the worst-case uncertainty combination introduced later, are intrinsic features of the failure event that do not depend on the uncertainty model. While this model affects the failure probability via the integrand of (2), the integration domain F and its approximations are independent of it. Probability bounds corresponding to a given F^sup are presented next. Extensions corresponding to F^sub follow.

Theorem 1. Assume that p is an independent random vector with continuous joint cumulative distribution function F_p(p) supported in Δ. If {R(p^1, m^1), …, R(p^k, m^k)} is a collection of hyper-rectangles where each member is a subset of S and any two members are almost disjoint, then

$$ F^{sup} = C\Big( \bigcup_{i=1}^{k} R(p^i, m^i) \Big) \tag{7} $$

is an outer approximation to the failure domain and

$$ P[F^{sup}] = 1 - \sum_{i=1}^{k} \prod_{j=1}^{s} \Big[ F_{p_j}(p^i_j + m^i_j) - F_{p_j}(p^i_j - m^i_j) \Big], \tag{8} $$

where F_{p_j} is the marginal cumulative distribution function of the jth component of p, is an upper bound to the failure probability.

The bound is a function of the uncertainty model via F_p(p), but the outer approximation F^sup and the containment conditions F ⊂ F^sup ⊂ D are not. Note that while most of the computational effort will be devoted to generating F^sup, the effort required to evaluate the probability bound is practically insignificant. Furthermore, notice that if additional hyper-rectangles are appended to S^sub until, in the limit, they almost cover S, the upper bound approaches P[F] from above.

Suppose the uncertainty model of p is changed from F_p(p) to F̂_p(p) with support p ∈ Δ̂. If Δ̂ ⊂ D, F^sup still covers the failure domain and a probability bound for the new uncertainty model can be calculated by replacing F_p(p) by F̂_p(p) in (8). Therefore, with the outer approximation in hand, we can readily calculate probability bounds corresponding to any uncertainty model supported in the master domain. This enables us to efficiently accommodate changes in the uncertainty model while leveraging all the computational effort devoted to generating F^sup.
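Equation (8) and the model-change argument of the preceding paragraph, worked in Python as an added example that is not part of the paper. The problem is constructed for the illustration: s = 2, master domain D = [0, 1]², one requirement g(p) = p₁ + p₂ − 1.5 ≤ 0, three hand-placed almost-disjoint rectangles inside S and one inside F. The two uncertainty models (independent uniform marginals, and independent Beta(2, 1) marginals with CDF x²) are also constructed; the same rectangles are reused for both models, so only the cheap CDF evaluations are repeated, which is the point of the paragraph. The lower bound uses the extension of Theorem 1 to an inner approximation F^sub (the probability of the rectangles placed inside F).

```python
import itertools
import math

# Constructed toy problem (not from the paper): D = [0,1]^2, g(p) = p1 + p2 - 1.5 <= 0,
# so F = {p : p1 + p2 > 1.5}. Rectangles are stored as (lower corner, upper corner) = delta(l, u).
SAFE_RECTS = [((0.0, 0.0), (0.75, 0.75)),   # subsets of S, pairwise almost disjoint
              ((0.75, 0.0), (1.0, 0.5)),
              ((0.0, 0.75), (0.5, 1.0))]
FAIL_RECTS = [((0.75, 0.75), (1.0, 1.0))]   # subset of F (its closure touches dF only)


def cdf_uniform(x):
    """Marginal CDF of a uniform random variable on [0, 1]."""
    return min(max(x, 0.0), 1.0)


def cdf_beta21(x):
    """Marginal CDF of a Beta(2,1) random variable on [0, 1] (density 2x): F(x) = x^2."""
    x = min(max(x, 0.0), 1.0)
    return x * x


def rect_probability(rect, cdfs):
    """Product over components of F_j(u_j) - F_j(l_j); exact because the components are independent."""
    lower, upper = rect
    return math.prod(F(u) - F(l) for F, l, u in zip(cdfs, lower, upper))


def upper_bound(safe_rects, cdfs):
    """Eq. (8): P[F^sup] = 1 - sum_i prod_j [F_j(p^i_j + m^i_j) - F_j(p^i_j - m^i_j)]."""
    return 1.0 - sum(rect_probability(r, cdfs) for r in safe_rects)


def lower_bound(fail_rects, cdfs):
    """Inner approximation F^sub: one minus the right-hand side of (8) applied to rectangles in F."""
    return sum(rect_probability(r, cdfs) for r in fail_rects)


def check_disjoint(rects, tol=1e-12):
    """Almost-disjoint condition of the theorem: no two rectangles share interior points."""
    for a, b in itertools.combinations(rects, 2):
        overlap = all(min(a[1][j], b[1][j]) - max(a[0][j], b[0][j]) > tol
                      for j in range(len(a[0])))
        if overlap:
            return False
    return True


def bounds_for_model(cdfs):
    """(lower, upper) bounds to P[F] for a model given by its marginal CDFs; F^sub/F^sup are reused."""
    if not (check_disjoint(SAFE_RECTS) and check_disjoint(FAIL_RECTS)):
        raise ValueError("approximation violates the almost-disjoint condition")
    return lower_bound(FAIL_RECTS, cdfs), upper_bound(SAFE_RECTS, cdfs)


if __name__ == "__main__":
    for name, cdfs in (("uniform", [cdf_uniform] * 2), ("beta(2,1)", [cdf_beta21] * 2)):
        lo, hi = bounds_for_model(cdfs)
        print(f"{name:10s}: {lo:.5f} <= P[F] <= {hi:.5f}")
```

For this problem the failure probability can be integrated by hand: 1/8 under the uniform model and 11/32 under the Beta(2, 1) model, and both values fall inside the computed brackets. Tightening the brackets requires placing more rectangles, which is the geometric work; switching models is just the loop above.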

The common practice of transforming the probabilistic uncertainty model of p to a space where the joint density function takes on a particular form (Rackwitz 2001) will be used subsequently. One space of interest is the uniform space, where the uncertain parameters become mutually independent uniform random variables with support set [0, 1]. The corresponding transformation, denoted by u = U(p), is a one-to-one mapping of the support set Δ onto the unit cube. Since this is a probability preserving transformation, P[F] = P[U(F)].

Theorem 2. Assume that p is an independent random vector with joint cumulative distribution function F_p(p). Denote by u = U(p) a transformation of this distribution to uniform space in the unit cube δ(0, 1). If {E(u^1, m^1, n), …, E(u^k, m^k, n)} is a collection of quasi-ellipsoids of degree n where each member is a subset of U(S) and any two members are almost disjoint, then

$$ F^{sup} = C\Big( \bigcup_{i=1}^{k} E(u^i, m^i, n) \Big) \tag{9} $$

is an outer approximation to the failure domain and

$$ P[F^{sup}] = 1 - \frac{\big( 2\,\Gamma\!\big(\tfrac{n+1}{n}\big) \big)^{s}}{\Gamma\!\big(\tfrac{s+n}{n}\big)} \sum_{j=1}^{k} \prod_{i=1}^{s} m^j_i, \tag{10} $$

where Γ is the Gamma function, is an upper bound to the failure probability.


Due to the transformation, D = Δ. Since the approximation F^sup is a function of the uncertainty model via the transformation U, the bound in (10) does not apply to other uncertainty models. Note however that F ⊂ U^{-1}(F^sup). Unfortunately, the probability bound P[U^{-1}(F^sup)] corresponding to other uncertainty models cannot be calculated analytically. Conditional sampling algorithms (Crespo et al. 2009) can be used to approximate this probability.


Theorem 3. Assume that p is an independent random vector with joint cumulative distribution function F_p(p). If {E(p^1, m^1, n), …, E(p^k, m^k, n)} is a collection of quasi-ellipsoids of degree n where each member is a subset of S and any two members are almost disjoint, then

$$ F^{sup} = C\Big( \bigcup_{i=1}^{k} E(p^i, m^i, n) \Big) \tag{11} $$

is an outer approximation to the failure domain and

$$ \psi(F^{sup}) = 1 - \sum_{i=1}^{k} \prod_{j=1}^{s} \Big[ F_{p_j}(p^i_j + \eta\, m^i_j) - F_{p_j}(p^i_j - \eta\, m^i_j) \Big], \tag{12} $$

where η = \sqrt[n]{2/(s(s+1))}, is an upper bound to the failure probability.


This bound results from adding the probabilities of the largest hyper-rectangle that fits within each quasi-ellipsoid. These hyper-rectangles are R(p^i, ηm^i) for i = 1, …, k. This bound is conservative (i.e., it does not converge to the actual failure probability as F^sup approaches F), since P[C(R(p^i, ηm^i)) ∩ E(p^i, m^i, n)] > 0 in general. Note that the volume of C(R(p^i, ηm^i)) ∩ E(p^i, m^i, n) approaches zero as n goes to infinity. As a result, ψ(F^sup) → P[F] from above when F^sup → F and n → ∞. As in Theorem 1, the approximation F^sup can be readily used to estimate the probability bound corresponding to any uncertainty model supported in the master domain.
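Equations (10) and (12) in Python, as an added example that is not part of the paper. It evaluates the Gamma-function volume of a quasi-ellipsoid in uniform space (Theorem 2), the inscribed-rectangle bound of Theorem 3 with η as written in (12), and checks the two claims of the surrounding text: ψ is conservative relative to (10), and the gap closes as n grows. The single quasi-ellipsoid centred at (0.5, 0.5) with semi-axes (0.25, 0.25) is a constructed input, and the hit-or-miss Monte Carlo routine is only a sanity check on the closed form, not part of the method.

```python
import math
import random


def quasi_ellipsoid_probability_uniform(m, n):
    """Probability (= volume) of E(u, m, n) inside the unit cube under the uniform model,
    i.e. one term of eq. (10): (2 Gamma((n+1)/n))^s / Gamma((s+n)/n) * prod_i m_i."""
    s = len(m)
    return (2 * math.gamma((n + 1) / n)) ** s / math.gamma((s + n) / n) * math.prod(m)


def theorem2_upper_bound(ellipsoids, n):
    """Eq. (10): P[F^sup] = 1 - sum_j P[E(u^j, m^j, n)] for almost-disjoint sets inside U(S)."""
    return 1.0 - sum(quasi_ellipsoid_probability_uniform(m, n) for _, m in ellipsoids)


def eta(s, n):
    """Scaling eta of eq. (12). R(p̄, eta*m) lies inside E(p̄, m, n) because s * eta^n <= 1."""
    return (2.0 / (s * (s + 1))) ** (1.0 / n)


def inscribed_rect_probability_uniform(m, n):
    """Probability of the inscribed hyper-rectangle R(p̄, eta*m) under the uniform model."""
    s = len(m)
    return math.prod(2 * eta(s, n) * mi for mi in m)


def theorem3_bound(ellipsoids, n):
    """psi(F^sup) of eq. (12) for the uniform model: each quasi-ellipsoid replaced by R(p̄, eta*m)."""
    return 1.0 - sum(inscribed_rect_probability_uniform(m, n) for _, m in ellipsoids)


def monte_carlo_volume(center, m, n, samples=200000, seed=1):
    """Sanity check of the closed form: hit-or-miss sampling in the bounding box R(center, m)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        p = [c + mi * rng.uniform(-1.0, 1.0) for c, mi in zip(center, m)]
        if sum(((pi - c) / mi) ** n for pi, c, mi in zip(p, center, m)) <= 1.0:
            hits += 1
    return hits / samples * math.prod(2 * mi for mi in m)


if __name__ == "__main__":
    # Constructed input: one quasi-ellipsoid inside the unit square.
    ell = [((0.5, 0.5), (0.25, 0.25))]
    for n in (2, 4, 20, 1000):
        print(f"n={n:5d}  (10): {theorem2_upper_bound(ell, n):.5f}   "
              f"(12): {theorem3_bound(ell, n):.5f}")
    print("Monte Carlo volume, n=2:", monte_carlo_volume((0.5, 0.5), (0.25, 0.25), 2))
```

For n = 2 the closed form reproduces the ellipse area π·0.25², and as n → 1000 both bounds approach the value obtained from the circumscribed rectangle, matching the statement that E(p̄, m, n) tends to R(p̄, m) from inside.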

It is important to notice that the bounds above are probabilities of events and as such they always range from zero to one. This cannot be said of other bounds found in the literature. For example, bounds based on Markov's and Chebyshev's inequalities (Ross 1998) result from applying the expected value operator to an algebraic inequality and may actually lie outside [0, 1], often rendering them impractical.

The probability bounds in Theorems 1-3 can be extended to the case where an inner approximation of the failure domain is available. In such a case, the subsets are in the failure domain, F^sub is given by the complement of the sets at the right-hand side of Equations (7), (9), and (11), and the corresponding lower bounds are given by one minus the right-hand side of Equations (8), (10) and (12). Therefore, having an inner and an outer approximation of the failure domain enables bounding its probability from below and above. An excessively large lower bound, which will only become larger as F^sub → F, can be used as the figure of merit supporting the unacceptability of the system. A sufficiently small upper bound, on the other hand, which will only become smaller as F^sup → F, can be used as the figure of merit supporting the acceptability of the system. Tighter approximations should only be generated when neither of these two conditions is applicable.

4 REQUIREMENTS WITH ARBITRARY 
FUNCTIONAL DEPENDENCIES 

This section presents a nonlinear optimization-based technique for calculating hyper-rectangular and quasi-ellipsoidal subsets of the safe and failure domains. This technique is applicable to arbitrary functional dependencies of g on p. The explicit form of this dependency may even be unknown. This approach relies on the convergence of a nonlinear constrained optimization algorithm to a global minimum. Absolute guarantees of convergence to such a point are not possible from the outset due to the generality in the structure of g. However, a variety of algorithmic safeguards can be used to deal with this deficiency (Crespo et al. 2009). This technique should not be used when the dependency of g on p assumes a known polynomial form. In such a case the techniques in (Crespo et al. 2011) are preferred since the correctness of their results is formally verifiable. The notion of homothetic deformations (Crespo et al. 2008, Crespo et al. 2009), of paramount importance for the developments that follow, is briefly introduced next.

4.1 Homothetic Deformations

A homothetic deformation results from a uniform, radial expansion or contraction of the space about a fixed point. The distance from any point in the space to the fixed point changes by a factor α after the deformation. This factor is called the similitude ratio of the homothetic deformation. Note that if α is greater than 1, the deformation is an expansion, while if α is less than 1, the deformation is a contraction. A reference set, denoted as Ω ⊂ ℝ^s, will be deformed with respect to a fixed point p̄ ∈ Ω. This point can be an arbitrary parameter realization having no particular significance, or can be our best deterministic estimate of the actual value of p. We choose p̄ to be the geometric center of the reference set.

Intuitively, one can imagine that Ω is being deformed with respect to p̄ until its boundary just touches ∂F. This deformation will be called hereafter the maximal deformation. The set resulting from this deformation, denoted as M, is the maximal set. A critical parameter value, denoted as p̂, is (one of) the point(s) where the maximal set touches ∂F. If p̄ is our best estimate of the actual value of p, the critical parameter value is the worst-case uncertainty combination associated with the norm that prescribes the boundary of Ω (e.g., the critical parameter value corresponding to the maximal deformation of a hyper-rectangle is the worst-case uncertainty combination in the sense of the m-scaled ℓ_∞ norm from p̄). The critical similitude ratio, denoted by α, is the similitude ratio of that deformation and is a non-dimensional metric proportional to the separation between p̄ and ∂F. Techniques for evaluating set containment, for performing maximal deformations and for generating failure domain approximations are presented next.

4.2 Set Containment 

We want to determine if the reference set Ω, having one of the geometries in (3) or (6), is fully contained in the safe or failure domains. This determination will be based on the calculation of the critical similitude ratio α. The set containment condition can be stated as follows. Let σ = 1 when p̄ ∈ S and σ = −1 otherwise. Ω ⊂ S if and only if σ = 1 and α ≥ 1. Likewise, Ω ⊂ F if and only if σ = −1 and α ≥ 1. The formulation required to calculate α is presented next.


4.3 Maximal Deformation 

The means for calculating M, p̂ and α are presented next. Let the master domain be D = R(a, b).

The maximal deformation of the reference set Ω = R(p̄, m) leads to

$$ \hat p = \arg\min_{p} \Big\{\, \| p - \bar p \|^{m}_{\infty} : \sigma \max_{j} g_j(p) \ge 0 \,\Big\}, \tag{13} $$

$$ \alpha = \frac{\| \hat p - \bar p \|^{m}_{\infty}}{\| m \|^{m}_{\infty}}, \tag{14} $$

$$ M = R(\bar p, \alpha m) \cap D. \tag{15} $$

Therefore, when σ = 1, the problem of finding the critical parameter value becomes the problem of finding a vector p̂ in ∂F of minimal distance in the m-scaled ℓ_∞ norm from p̄. Notice that R(p̄, αm) may not be contained in the master domain. This possibility is allowed for two reasons. First, because the maximal set corresponding to the case where R(p̄, αm) ⊄ D is larger than it would be if we required R(p̄, αm) ⊂ D. Second, because D ∩ R(p̄, αm) will remain hyper-rectangular, and therefore we can calculate its probability analytically.

Now consider the deformation of Ω = E(p̄, m, n). In this case, we have

$$ \hat p = \arg\min_{p} \Big\{\, \| p - \bar p \|^{m}_{n} : \sigma \max_{j} g_j(p) \ge 0 \,\Big\}, \tag{16} $$

$$ \alpha = \min\Big\{\, \frac{\| \hat p - \bar p \|^{m}_{n}}{\| m \|^{m}_{n}},\; \min_{j} \frac{b_j - | \bar p_j - a_j |}{m_j} \,\Big\}, \tag{17} $$

$$ M = E(\bar p, \alpha m, n). \tag{18} $$

As before, when σ = 1, the problem of finding the critical parameter value becomes the problem of finding a vector p̂ in the failure domain of minimal distance in the m-scaled ℓ_n norm from p̄. In contrast to Equation (13), Equation (16) ensures the containment of E(p̄, αm, n) by the master domain. This is required since, in the case where the deformation extends beyond D, P[D ∩ E(p̄, αm, n)] cannot be calculated analytically. Note that M ⊂ S when σ = 1, and M ⊂ F when σ = −1.
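The maximal deformation (13)–(15) of a hyper-rectangle, worked in Python as an added example that is not part of the paper. The paper solves (13) with a nonlinear constrained optimizer; here that optimizer is replaced, as an assumption, by a bisection on the similitude ratio α in which the condition σ·max_j g_j(p) ≥ 0 is tested on a grid of points in R(p̄, αm). The requirement g₁(p) = p₁² + p₂² − 1 ≤ 0 (S is the closed unit disc), the centres, half-lengths and the master domain D = R(a, b) with a = (0, 0), b = (2.5, 2.5) are constructed values, chosen so that α and p̂ can be checked by hand.

```python
import itertools

# Constructed requirement (not from the paper): S = closed unit disc, F = its complement in D.
def g(p):
    return [p[0] ** 2 + p[1] ** 2 - 1.0]

# Constructed master domain D = R(a, b): centre a = (0, 0), half-lengths b = (2.5, 2.5).
D_CENTER, D_HALF = (0.0, 0.0), (2.5, 2.5)


def sign(pbar):
    """sigma = 1 when p̄ is in S, sigma = -1 otherwise (Section 4.2)."""
    return 1 if max(g(pbar)) <= 0 else -1


def rect_grid(pbar, m, k):
    """k points per axis spanning R(p̄, m), corners included: the search space that stands in
    for the optimizer of (13) in this example (an assumption, not the paper's method)."""
    axes = [[c - mi + 2 * mi * t / (k - 1) for t in range(k)] for c, mi in zip(pbar, m)]
    return list(itertools.product(*axes))


def critical_ratio(pbar, m, k=21, tol=1e-6):
    """Maximal deformation of R(p̄, m): returns (sigma, alpha, p_hat, M) per (13)-(15).
    alpha is bisected until R(p̄, alpha*m) just reaches dF; because the grid search is
    heuristic, alpha is a numerical estimate rather than a certified value."""
    sigma = sign(pbar)

    def crosses(alpha):  # does sigma * max_j g_j(p) >= 0 hold somewhere in R(p̄, alpha*m)?
        pts = rect_grid(pbar, [alpha * mi for mi in m], k)
        return any(sigma * max(g(p)) >= 0 for p in pts)

    lo, hi = 0.0, 1.0
    while not crosses(hi):          # expand until the scaled set reaches the boundary
        hi *= 2
        if hi > 1e6:
            raise ValueError("no boundary found; check that D is bounded")
    while hi - lo > tol:            # lo never crosses, hi always does
        mid = (lo + hi) / 2
        if crosses(mid):
            hi = mid
        else:
            lo = mid
    alpha = hi
    # Critical parameter value: the admissible grid point closest to p̄ in the m-scaled l_inf norm.
    cand = [p for p in rect_grid(pbar, [alpha * mi for mi in m], k) if sigma * max(g(p)) >= 0]
    p_hat = min(cand, key=lambda p: max(abs(pi - c) / mi for pi, c, mi in zip(p, pbar, m)))
    # Eq. (15): M = R(p̄, alpha*m) intersected with D, done interval by interval.
    lower = [max(c - alpha * mi, dc - dh) for c, mi, dc, dh in zip(pbar, m, D_CENTER, D_HALF)]
    upper = [min(c + alpha * mi, dc + dh) for c, mi, dc, dh in zip(pbar, m, D_CENTER, D_HALF)]
    M = ([(l + u) / 2 for l, u in zip(lower, upper)], [(u - l) / 2 for l, u in zip(lower, upper)])
    return sigma, alpha, p_hat, M


if __name__ == "__main__":
    # p̄ inside S: the corner of R(p̄, alpha*m) hits the circle at alpha = 2/sqrt(5).
    print(critical_ratio((0.0, 0.0), (1.0, 0.5)))
    # p̄ inside F: the set grows toward the disc and is then clipped by D in direction 1.
    print(critical_ratio((2.0, 0.0), (0.5, 0.5)))
```

In the first call the critical point is a corner of the rectangle, the worst-case combination in the m-scaled ℓ_∞ sense from p̄; in the second, σ = −1 and the maximal set R((2, 0), (1, 1)) extends past D, so (15) clips it to the hyper-rectangle [1, 2.5] × [−1, 1], which is why its probability stays analytically computable.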

4.4 Failure Domain Approximations 

In this section we generate a sequence of failure domain approximations using the developments above. These sequences, given by {F^sub_1, F^sub_2, …} and {F^sup_1, F^sup_2, …} (or equivalently {C(S^sub_1), C(S^sub_2), …}), approach the failure domain from inside and outside as their number of terms increases. Note that the sequences {S^sub_1, S^sub_2, …} and {C(F^sub_1), C(F^sub_2), …} approach the safe domain in the same fashion. Two algorithms for calculating these sequences are presented next.

4.4.1 Algorithm 1 

This algorithm generates the approximations by uniting maximal sets that satisfy the almost disjoint condition of the Theorems. This condition is attained by making the maximal set contained in the safe (failure) domain at any given iteration a part of the failure (safe) domain in subsequent iterations. The additional constraint functions g_F and g_S, yet to be defined, are used to implement this idea. The algorithm's setup is as follows.

Let g(p) ≤ 0 denote the set of system requirements and f_p(p) be a joint density function of uniform random variables supported in D. Let P_max be the largest admissible failure probability associated with the system for a given uncertainty model f_p(p), for all p ∈ Δ ⊂ D. If the reference set Ω is chosen to be the hyper-rectangle, let n = ∞. If the reference set Ω is chosen to be the quasi-ellipsoid, make n an even natural number. Set i = 1, F^sub_i = ∅, S^sub_i = ∅, g_F = ∅ and g_S = ∅.

1. Find a sample p of f_p(p) conditional on p ∈ C(F^sub_i ∪ S^sub_i). Let p̄ = p and calculate σ.

2. If σ = 1, calculate the maximal set M using the inequality constraint [g, g_F] ≤ 0, let S^sub_{i+1} = S^sub_i ∪ M and F^sub_{i+1} = F^sub_i; and redefine g_F as [g_F, 1 − ‖p − p̄‖^m_n]. If σ = −1, calculate M using the inequality constraint [min_j(−g_j), g_S] ≤ 0, let F^sub_{i+1} = F^sub_i ∪ M and S^sub_{i+1} = S^sub_i; and redefine g_S as [g_S, 1 − ‖p − p̄‖^m_n].

3. Let F^sup_{i+1} = C(S^sub_{i+1}). Evaluate P[F^sub_{i+1}] and P[F^sup_{i+1}], or the lower bounds ψ(F^sub_{i+1}) and ψ(F^sup_{i+1}), according to f_p(p) and the applicable Theorem.

4. If P[F^sup_{i+1}] ≤ P_max declare the system acceptable and stop. If P[F^sub_{i+1}] > P_max declare the system unacceptable and stop. Otherwise increase i by one and go to Step (1).

As i increases, the failure domain approximations approach the failure domain (i.e., F^sub and S^sub expand by the addition of new reference sets while F^sup contracts by the removal of new reference sets). Note that P[F^sub_i] and ψ(F^sub_i) are monotonically increasing functions, while P[F^sup_i] and ψ(F^sup_i) are monotonically decreasing functions. Further notice that a good coverage of the master domain may require an impractically large number of deformations. Conversely, depending upon the problem, convergence may be achieved in relatively few iterations.

Figure 1: F^sub (red), S^sub (green) and ∂F (line).

Example 1: Consider the constraint functions

$$ g_1 = p_1^2 p_2^4 + p_1^4 p_2^2 - 3 p_1^2 p_2^2 - p_1 p_2 + \frac{p_1^4 p_2}{900} + \sin^{3}(p_1 p_2), \tag{19} $$

$$ g_2 = -p_1^2 p_2^4 - p_1^4 p_2^2 + 3 p_1^2 p_2^2 + p_1 p_2 - 0.9 \tanh(p_1 - p_2), \tag{20} $$

for D = R(p̄, m) where p̄ = [0, 0]^T and m = [2.1, 2.1]^T. These constraint functions were chosen so the failure and safe domains are multiply connected. Figure 1 shows the hyper-rectangular maximal sets that constitute the approximations F^sub (red) and S^sub (green). At this particular step of the sequence, i = 250 subsets cover 70% of the master domain. Note that, by construction, none of the subsets composing the approximations cross ∂F. Besides, each subset either touches this boundary or touches another subset. Further notice that the number of subsets required to cover the master domain well is a function of the geometry of the failure domain and not necessarily of the size of such a set.






Figure 2: Probability bounds for several uncertainty models. 


Figure 2 displays the failure probability bounds corresponding to several uncertainty models as a function of the iteration number i. A uniform distribution (red circle line), a generalized beta with parameters [10, 1] (blue diamond line), and a generalized beta with parameters [2, 3] (black square line) are considered. The support set of these three models is the master domain. The horizontal lines correspond to high-fidelity Monte Carlo approximations to the failure probability. Additional iterations lead to the enlargement of the approximations and consequently to the tightening of the bounds. In the limit, they converge to P[F]. The size of the subset being annexed to the approximation as well as its probability tend to decrease with i. Therefore, the generation of arbitrarily tight bounds may require an impractically large number of subsets where many of them will have very small probability. Note however that for any uncertainty model satisfying Δ ⊂ F^sub ∪ S^sub, both bounds take on the exact failure probability value. Recall that the calculation of the probability bounds shown in Figure 2 and those corresponding to any uncertainty model supported in D require a practically insignificant amount of computational effort.

4.4.2 Algorithm 2 

The algorithm below iteratively generates the indexed sets A_i, S^sub_i, and F^sub_i, where S^sub_i is an inner approximation to the safe domain, F^sub_i is an inner approximation to the failure domain, and A_i is a region whose containment in F or S is to be determined. The terms in the inner approximations are reference sets of various homothetic deformations. At any given iteration we first choose a hyper-rectangle from those in A_i. By the means presented in Section 4.2 we determine if the reference set inscribed in this hyper-rectangle is contained in the safe or failure domains. If the reference set is contained in the safe domain, the inner approximation to the safe domain is expanded with this element. If the reference set is contained in the failure domain, the inner approximation to the failure domain is expanded with this element. Otherwise, the rectangle is subdivided into smaller subsets (see Section 2 for two subdividing logics), and these subsets are appended to A_i. The algorithm terminates when the bounds to the failure probability exceed a prescribed limit. The algorithmic representation of this procedure is as follows.

Use the same setup as Algorithm 1. Furthermore, set i = 1, A_i = {D}, F^sub_i = ∅ and S^sub_i = ∅.

1. Let R(p̄, m) be a largest element of A_i. Let Ω = R(p̄, m) for hyper-rectangles and Ω = E(p̄, m, n) for quasi-ellipsoids.

2. Calculate σ and α.

3. If α < 1, set A_{i+1} = (A_i \ R) ∪ ρ(R), S^sub_{i+1} = S^sub_i and F^sub_{i+1} = F^sub_i. If α ≥ 1 and σ = 1, let A_{i+1} = A_i \ R, S^sub_{i+1} = S^sub_i ∪ Ω and F^sub_{i+1} = F^sub_i. If α ≥ 1 and σ = −1, let A_{i+1} = A_i \ R, F^sub_{i+1} = F^sub_i ∪ Ω and S^sub_{i+1} = S^sub_i.

4. Let F^sup_{i+1} = C(S^sub_{i+1}). Evaluate P[F^sub_{i+1}] and P[F^sup_{i+1}], or their lower bounds ψ(F^sub_{i+1}) and ψ(F^sup_{i+1}), depending upon the applicable Theorem.

5. If P[F^sup_{i+1}] ≤ P_max declare the system acceptable and stop. If P[F^sub_{i+1}] > P_max declare the system unacceptable and stop. Otherwise increase i by one, and go to Step (1).

Note that the subdividing logic used to generate reference sets ensures the almost disjoint condition required by the Theorems. As i increases, the approximations approach the failure domain (i.e., F^sub and S^sub expand by the addition of new reference sets while F^sup contracts by the removal of new reference sets). As before, P[F^sub_i] and ψ(F^sub_i) are monotonically increasing functions of i, while P[F^sup_i] and ψ(F^sup_i) are monotonically decreasing functions of the same variable. Note that the elements left in A_i are an approximation of ∂F. The larger the value of i, the smaller the volume of this approximation.
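Algorithm 2 with hyper-rectangular reference sets, implemented in Python as an added example that is not part of the paper; the stopping rule in Step 5 is the one shared with Algorithm 1. The containment test of Section 4.2 is replaced, as an assumption, by evaluating max_j g_j on a grid over the rectangle (for the constructed requirement below, a convex function on dyadic cells centred on the origin, corner and edge evaluations are exact, so the bounds produced are rigorous). The requirement g₁(p) = p₁² + p₂² − 1 ≤ 0, the master domain D = R(a, b) with a = (0, 0), b = (1.5, 1.5), the uniform model on D and P_max = 0.7 are all constructed values; the exact failure probability 1 − π/9 is known for them, which lets the bracket be checked.

```python
import itertools
import math

# Constructed problem (not from the paper): S = closed unit disc, F = its complement in D.
def g(p):
    return [p[0] ** 2 + p[1] ** 2 - 1.0]

D = ((0.0, 0.0), (1.5, 1.5))   # master domain R(a, b) as (centre, half-lengths)
P_MAX = 0.7                    # constructed largest admissible failure probability
TRUE_PF = 1.0 - math.pi / 9.0  # exact P[F] under the uniform model on D: 1 - area(disc)/area(D)


def volume(rect):
    return math.prod(2 * mi for mi in rect[1])


def containment(rect, k=9):
    """Section 4.2 decision on a k^s grid (stand-in for the maximal deformation): 'S' if every
    sampled point satisfies max_j g_j <= 0, 'F' if every sampled point violates it, else None."""
    c, m = rect
    axes = [[ci - mi + 2 * mi * t / (k - 1) for t in range(k)] for ci, mi in zip(c, m)]
    vals = [max(g(p)) for p in itertools.product(*axes)]
    if max(vals) <= 0:
        return 'S'
    if min(vals) > 0:
        return 'F'
    return None


def subdivide(rect):
    """2^s-way subdivision of Section 2: the pieces delta(v^k, v^k + m) for the vertices of delta(p̄ - m, p̄)."""
    c, m = rect
    half = tuple(mi / 2 for mi in m)
    return [(tuple(ci + si * hi for ci, si, hi in zip(c, signs, half)), half)
            for signs in itertools.product((-1, 1), repeat=len(m))]


def algorithm2(max_iter=3000):
    """Returns (verdict, P[F^sub], P[F^sup], history); probabilities are volume fractions of D
    because the model is uniform on D, which is eq. (8) with uniform marginals."""
    A, S_sub, F_sub = [D], [], []
    vol_D = volume(D)
    history = []
    p_low, p_up = 0.0, 1.0
    for i in range(1, max_iter + 1):
        R = max(A, key=volume)                 # Step 1: a largest element of A_i
        A.remove(R)
        side = containment(R)                  # Step 2: sigma and whether alpha >= 1
        if side == 'S':                        # Step 3: annex to S^sub ...
            S_sub.append(R)
        elif side == 'F':                      # ... or to F^sub ...
            F_sub.append(R)
        else:                                  # ... or subdivide and return the pieces to A
            A.extend(subdivide(R))
        p_low = sum(volume(r) for r in F_sub) / vol_D        # Step 4: P[F^sub_{i+1}]
        p_up = 1.0 - sum(volume(r) for r in S_sub) / vol_D   #         P[F^sup_{i+1}] = P[C(S^sub_{i+1})]
        history.append((i, p_low, p_up))
        if p_up <= P_MAX:                      # Step 5
            return 'acceptable', p_low, p_up, history
        if p_low > P_MAX:
            return 'unacceptable', p_low, p_up, history
    return 'undecided', p_low, p_up, history


if __name__ == "__main__":
    verdict, lo, hi, hist = algorithm2()
    print(f"{verdict} after {len(hist)} iterations: {lo:.4f} <= P[F] <= {hi:.4f} (exact {TRUE_PF:.4f})")
```

The history confirms the monotonicity stated above: the lower bound never decreases and the upper bound never increases, and every cell still in A straddles ∂F, so the leftover cells are the boundary approximation the paragraph describes.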

Example 2: Figure 3 shows the failure domain approximations resulting from applying Algorithm 2 to the same requirement functions in Example 1. Note that the approximation of the failure domain boundary (white) is significantly better than that of Algorithm 1. As a result, the approximations give a better sense of the connectedness of the actual failure domain than those resulting from Algorithm 1. A better coverage of the master domain is attained because F^sub and S^sub grow from the inside out. In this particular case, i = 250 subsets cover 78% of D. This improved coverage comes at the expense of having to perform many deformations whose maximal sets are not ultimately annexed to the approximations. In this example, 654 deformations were required to generate these 250 sets. This is the basis that makes Algorithm 1 more computationally efficient than Algorithm 2 in general. Figure 4 shows the probability bounds corresponding to the same uncertainty models used in Figure 2. These bounds are tighter than those from Algorithm 1 because the approximations are improved by appending/removing the largest subset among those available.

Figure 3: F^sub (red), S^sub (green), and ∂F (line).

5 CONCLUSIONS 

This paper proposes an uncertainty analysis framework for characterizing the failure and safe domains of a system whose design requirements have an arbitrary functional dependency on the uncertainty. The characteristics of interest are worst-case uncertainty combinations, metrics that evaluate the separation between any given point and the failure domain, approximations to the failure and safe domains, as well as lower and upper bounds to the failure probability. A nonlinear constrained optimization-based approach is proposed. This and all other methods requiring the exploration of the uncertain parameter space suffer from the curse of dimensionality, and as such, their computational demands grow exponentially with the number of uncertain parameters. Unfortunately only this space can provide the sense of causality required to understand and prevent failure. The high dimensionality of this space along with the inability to guarantee that optimization problems posed there will converge to the global optimum are the main liability of the engineering decisions supported by the outcomes of these methods. A significant feature of the methodology proposed is that it allows accommodating changes in the uncertainty model with practically insignificant computational effort. Furthermore, the algorithms proposed allow for data parallelism (i.e., performing computations simultaneously on elements of a subdivision of the master domain). This will help to mitigate the formidable challenges of having a large number of uncertain parameters.